Windows Firewall Base Filtering Engine Services

Had a client computer that could no longer connect to the VPN. The end-user blamed IT for changing something as it “worked before your scheduled weekend updates”. Yeah.

Turns out this guy had a rootkit, a trojan, and some malware on his system. Shame on IT for not catching it sooner, but it didn’t spread anywhere else.

ComboFix, Malwarebytes, TDSS, and Stinger later, I was convinced we got it off of his system. Unfortunately, he still could not connect because the Base Filtering Engine service and the Windows Firewall service were unable to start. Cisco’s AnyConnect client requires these two services in order to perform the necessary handshaking for a secured VPN connection.

Found these two kick-butt registry keys to fix the situation:
http://it.thelibrarie.com/utilities/firewall.reg.txt
http://it.thelibrarie.com/utilities/bfe.reg.txt

Obviously, rename them to .reg files and run them. I generally edit them to see what they do before blindly installing registry keys from a random IT site.
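
The review step described above, as an added example (not code from the original post): a PowerShell function that lists every key and value a .reg file would set or delete and marks anything outside the expected service subtrees. The function name `Test-RegFile`, the allow-list paths (built from the service short names BFE and MpsSvc), and the sample input are assumptions made for this example.

```powershell
# Added example: review what a .reg file does before importing it.
# $Allowed is an assumption: the service subtrees for the two services in the post.
$Allowed = @(
    'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE',
    'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpsSvc'
)

function Test-RegFile {   # hypothetical helper name
    param([string[]]$Lines, [string[]]$AllowedPrefix)
    $key = $null; $inScope = $false
    foreach ($line in $Lines) {
        $t = $line.Trim()
        if ($t -match '^\[(-?)(HK[^\]]+)\]$') {
            # Section header; a leading "-" means the whole key is deleted.
            $del = $Matches[1]; $key = $Matches[2]
            $inScope = $false
            foreach ($p in $AllowedPrefix) {
                if ($key -ieq $p -or
                    $key.StartsWith("$p\", [StringComparison]::OrdinalIgnoreCase)) {
                    $inScope = $true
                }
            }
            $action = if ($del) { 'DELETE KEY' } else { 'set key' }
            [pscustomobject]@{ Key = $key; Value = ''; Action = $action; InScope = $inScope }
        }
        elseif ($key -and $t -match '^("(?:[^"\\]|\\.)*"|@)=(.*)$') {
            # Value line; "name"=- deletes the value, @ is the key's default value.
            $name = $Matches[1].Trim('"'); $data = $Matches[2]
            $action = if ($data -eq '-') { 'DELETE VALUE' } else { 'set value' }
            [pscustomobject]@{ Key = $key; Value = $name; Action = $action; InScope = $inScope }
        }
        # Header, comments (;) and hex continuation lines match neither pattern.
    }
}

# Constructed sample, not the contents of the files linked in the post.
$sample = @'
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE]
"Start"=dword:00000002
"ObjectName"="NT AUTHORITY\\LocalService"

[-HKEY_LOCAL_MACHINE\SOFTWARE\ExampleVendor\Constructed]
'@ -split "`r?`n"

Test-RegFile -Lines $sample -AllowedPrefix $Allowed | Format-Table -AutoSize
# For a downloaded file: Test-RegFile -Lines (Get-Content .\bfe.reg.txt) -AllowedPrefix $Allowed
```

Any row with `InScope` false or an `Action` starting with `DELETE` is worth reading by hand before the file is imported.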
